WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-24384
8.8HIGH
Summary
The WPDevArt Organization Chart plugin for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in versions up to 1.4.4. This could allow an attacker to execute unwanted actions on behalf of authenticated users, which may potentially lead to unauthorized changes in user settings or data manipulation. Ensuring that users update to a secure version is crucial to mitigate this risk.
Affected Version(s)
Organization chart <= 1.4.4
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
yuyudhn (Patchstack Alliance)